India launches cyber attacks on Pakistan!
After a year and a half of tracking and analysis, Chinese network security companies have found that an APT (Advanced Persistent Threat) group from India has launched new attacks against Pakistani government and military institutions. The group operates from India, but its code name is Confucius.
Antiy, a Chinese network security technology group, told a Global Times reporter on the 12th that the group comes from India and that its attacks date back to 2013. Its activity mainly targets the government, military, energy and other sectors of China, Pakistan, Bangladesh and other countries neighbouring India, with the aim of stealing sensitive information.
Interestingly, international security vendors have named the group Confucius. Li Baisong, deputy chief engineer of Antiy Technology Group, explained that the web page the group used during its attacks to disguise the delivery of attack instructions and the return addresses contained the words "Confucius says", hence the name "Confucius". "This shows that the attackers have also studied Chinese culture during their continuous attacks on China. Confucius is adept at using spear-phishing emails, watering-hole attacks and phishing websites, combined with distinctive social engineering techniques, to strike its targets."
APT groups, driven by political and economic interests, steal a target's core information or sabotage the other party's critical infrastructure. The impact of their attacks is not confined to cyberspace; it reaches into the physical world as well.
It is reported that since 2021, Antiy CERT (Security Research and Emergency Response Center) has been conducting a new round of tracking and analysis of attacks originating from the South Asian subcontinent, and has found that the Confucius group has launched attacks against Pakistani government and military institutions. In this campaign the attackers mainly sent spear-phishing emails in the name of Pakistani government staff. Most of the phishing content related to the Pakistani government and was used to lure the target into downloading and opening a document with embedded malicious macro code. The macros then implanted the open-source Trojan QuasarRAT, a self-developed C++ backdoor Trojan, a C# information-stealing Trojan and a JScript downloader Trojan on the target machine, and finally stole information.
"In the course of tracking, we have been able to capture sample files from Confucius attacks against Pakistan, such as a malicious RTF document themed on a Pakistani Army victim list in June 2021. In February 2022, the attack was carried out using a lure document about the COVID-19 vaccination status of Pakistani government employees," Li Baisong said. The attacker embedded different types of malicious links in the body of the phishing email and in the attached PDF file. When the target read the phishing email, the carefully crafted email body and PDF content tricked them into clicking the malicious link and downloading the document carrying the malicious macro code.
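The delivery chain described above (a link in the email body or PDF leading to a document with malicious macro code, plus the RTF lures mentioned) is something a mail gateway can triage before the document reaches a user. The following is an added defender-side example, not code from the article or from Antiy: it builds constructed stand-in OOXML containers, checks an attachment for the macro-enabled content type and the vbaProject.bin part, flags RTF files that embed OLE objects, and returns a quarantine decision. The content-type strings are real OOXML values; the sample documents and the `should_quarantine` policy are assumptions for illustration.

```python
import io
import zipfile

# Real OOXML content types; the containers built below are constructed stand-ins.
MACRO_CT = "application/vnd.ms-word.document.macroEnabled.main+xml"
PLAIN_CT = "application/vnd.openxmlformats-officedocument.wordprocessingml.document.main+xml"

def build_sample(macro: bool) -> bytes:
    """Minimal OOXML zip; macro-enabled ones carry word/vbaProject.bin
    and declare a macroEnabled content type (constructed, not a real sample)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        ct = MACRO_CT if macro else PLAIN_CT
        z.writestr("[Content_Types].xml", '<Types><Override PartName="/word/document.xml" '
                   f'ContentType="{ct}"/></Types>')
        z.writestr("word/document.xml", "<w:document/>")
        if macro:
            z.writestr("word/vbaProject.bin", b"\xd0\xcf\x11\xe0" + b"\0" * 16)
    return buf.getvalue()

def triage_document(data: bytes) -> dict:
    """Classify an attachment and report macro / embedded-object indicators."""
    result = {"kind": "other", "vba_part": False,
              "macro_content_type": False, "rtf_embedded_object": False}
    if data.startswith(b"{\\rtf"):
        result["kind"] = "rtf"
        # RTF cannot carry VBA; weaponised RTFs instead embed OLE objects
        # (\object ... \objdata), which deserves analyst attention.
        result["rtf_embedded_object"] = b"\\objdata" in data or b"\\object" in data
        return result
    if data.startswith(b"PK"):
        try:
            z = zipfile.ZipFile(io.BytesIO(data))
        except zipfile.BadZipFile:
            return result
        names = z.namelist()
        if "[Content_Types].xml" not in names:
            return result
        result["kind"] = "ooxml"
        result["vba_part"] = any(n.lower().endswith("vbaproject.bin") for n in names)
        ct = z.read("[Content_Types].xml").decode("utf-8", "replace").lower()
        result["macro_content_type"] = "macroenabled" in ct
    return result

def should_quarantine(result: dict) -> bool:
    """Policy (assumed): hold macro-enabled OOXML and RTF with embedded objects."""
    return (result["vba_part"] or result["macro_content_type"]
            or result["rtf_embedded_object"])
```

In production this check sits beside URL extraction from the email body and PDF, since the macro document here arrives via a link rather than as a direct attachment.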
In addition, through comprehensive analysis of the malicious shortcut (LNK) samples captured from Confucius this time, Antiy found that the group shares tools and code with another Indian APT group, SideWinder. "It is common to see code and tools shared among APT groups in India," Li said. "Foreign security vendors have previously disclosed code-sharing and asset-sharing relationships between Confucius, Urpage and White Elephant."
At present, the attacks have been noticed by the relevant Pakistani government departments. Pakistan's National Telecommunication and Information Technology Security Board (NTISB) has issued a national cyber threat warning, stating that the attackers sent government officials and the public fake phishing emails imitating the Pakistani Prime Minister's Office, and asking officials and the public to remain vigilant and not to provide any information via email or social media links.